// aes-cbc.js  
const crypto = require('crypto');

// ============================
// 1. 参数准备 
// ============================
const algorithm = 'aes-256-cbc';    // aes-128-cbc / aes-192-cbc 也可 
// const key = crypto.randomBytes(32);    // 32B = 256bit；16B=128bit 
const key = Buffer.from("zj2F9#aU3$vE5nX3@qR7tY4wF2*hA1cR", 'utf8');
const iv = crypto.randomBytes(16);    // CBC IV 固定 16B 

// ============================
// 2. 加密函数 
// ============================
function encrypt(plainText) {
  console.log('IV for this encryption:', iv.toString('base64'));
  const cipher = crypto.createCipheriv(algorithm, key, iv);
  let encrypted = cipher.update(plainText, 'utf8', 'base64');
  encrypted += cipher.final('base64');
  return {
    encrypted,
    iv: iv.toString('base64')    // IV 也要发给对方 
  };
}

// ============================
// 3. 解密函数 
// ============================
function decrypt(packet) {
  const { encrypted, iv } = packet;
  console.log('IV for this decryption:', iv);
  const decipher = crypto.createDecipheriv(
    algorithm,
    key,
    Buffer.from(iv, 'base64')  // 注意这里要从Base64还原回Buffer
  );
  let decrypted = decipher.update(encrypted, 'base64', 'utf8');
  decrypted += decipher.final('utf8');
  return decrypted;
}

function secureDecryptResponse(_0x158888, _0x32663c) {
  try {
    if (!_0x158888 || typeof _0x158888 !== "object" || !_0x158888.encrypted) {
      return _0x158888;
    }
    const {
      encrypted: _0x2f3b8d,
      window: _0x1c9c1f,
      signature: _0x1adfbb
    } = _0x158888;
    const _0x41b129 = crypto.createHash("sha256").update(_0x32663c).digest("hex").substr(0, 16);
    const _0x84c67f = crypto.createHash("sha256").update(_0x32663c + _0x1c9c1f + "xcai_primary_salt_2024").digest("hex");
    const _0xeafddf = crypto.createHash("sha256").update(_0x84c67f + _0x41b129).digest("hex");
    const _0x123667 = crypto.createHmac("sha256", Buffer.from(_0xeafddf, "hex")).update(_0x2f3b8d).digest("hex");
    if (_0x123667 !== _0x1adfbb) {
      return _0x158888;
    }
    const _0x54f7dc = Buffer.from(_0x2f3b8d, "base64");
    const _0x1412fb = _0x54f7dc.slice(0, 16);
    const _0x55cbec = _0x54f7dc.slice(16);
    const _0x401964 = crypto.createDecipheriv("aes-256-cbc", Buffer.from(_0xeafddf, "hex"), _0x1412fb);
    let _0x4f3dce = _0x401964.update(_0x55cbec);
    _0x4f3dce = Buffer.concat([_0x4f3dce, _0x401964.final()]);
    const _0x4cb840 = JSON.parse(_0x4f3dce.toString());
    const _0x23ff77 = crypto.createHash("md5").update(_0x32663c).digest("hex").substr(0, 8);
    if (_0x4cb840.card_hash !== _0x23ff77) {
      return _0x158888;
    }
    return _0x4cb840.payload;
  } catch (_0x1d7cbe) {
    return _0x158888;
  }
}

// ============================
// 4. Demo 
// ============================
// const msg = 'Hello AES-CBC in Node.js';
// const enc = encrypt(msg);
// console.log('Encrypted:', JSON.stringify(enc, null, 2));

// const dec = decrypt(enc);
// console.log('Decrypted:', dec);

const sk5Packet = JSON.parse(`{
    "encrypted": "REPbNuHfeiqwDGIIwrpvyLpCR\/wjtFgPoAx0vLPtfQ3sRA6nBYpH3X+mGzIP5lSrrHKUipcrGCRSNZoi1Prc3F1THSQEqqJ6GkTtFS8Cw+xB0yMjmAjMqXclW+nves9T2m8bHXzYKZY3HgGm844fCxUQHwx8HZg2GxLnJyXzlZWxEUxs41YGujdYAR6\/ydk17FqnGWk0LrNt0SEp4Z7vdtH9VZvMsTehXB\/nfOHxLPMQe6ac+P1+7aOi+wP0p1aEa9UWBf+ge79dG5sMFkwx\/QFQmPjUgLkaNWa2BUOlhi4kqPY2Ow1VrsRUKhdOFgsHPsAenptjJ\/bVNF2QcAcv74RRGjdzCtvUOgq5P8z5zaSVXNLcIS63IM67OPv4JLG70K3po5RY7tiE4cZ88bOwop816nwwJMpSCj18b4rNr3JAyx6vCjk0dyyN1XdRVijh",
    "window": 1760276400,
    "signature": "466685141607c293d04cf5c686c49ddc8085ab618378b06a5448ff12e9be1f26"
}`);

var result = secureDecryptResponse(sk5Packet, "cdk-cdk-cdk-cdk");
console.log('Decrypted Payload:', result);

